21-07-2025
US warns about Microsoft Sharepoint cyber vulnerability
A cyber security vulnerability in Microsoft 's SharePoint collaboration software has been added to the US Cybersecurity and Infrastructure Security Agency (Cisa) exploitation list as customers deal with the potential fallout.
Computer security experts say hackers have exploited the loophole and potentially compromised private and public computer networks in the US.
The individual or groups behind the software exploitation is not yet known.
'The incident reveals the growing sophistication of threat actors who have gained internal access to an environment and can now leverage existing resources (like Microsoft Exchange, SharePoint,) to conduct nefarious missions beyond just ransomware attacks, like 'wiper' malware that deletes data,' said Morey Haber, a chief security adviser at cyber security company BeyondTrust.
Mr Haber said Microsoft appears to have responded quickly once the vulnerability to Sharepoint was identified, but added that for some, it might be too little, too late.
'Considering the speed of exploitation, some organisations may be waking up Monday morning to a fresh series of attacks,' he explained.
The various editions of Microsoft Sharepoint are also making it more difficult to provide a one-size-fits-all solution.
Microsoft pointed out that it released a security update for SharePoint 2019, and that other fixes would be on the way.
'We are actively working on updates for SharePoint 2016,' the Redmond, Washington software company posted on X.
Santiago Pontiroli, lead researcher at cyber protection company Acronis, shared more some perspective as to the scale and affect of the cyber attack.
'This incident continues a trend of high-impact attacks against Microsoft infrastructure, including the Exchange mass exploitation in 2021 and the 2023 cloud email breach,' he said.
'Over the past several years, state-aligned and advanced persistent threat groups have repeatedly abused vulnerabilities in Microsoft platforms to gain initial access, steal sensitive data, and establish long-term footholds in enterprise networks.'
Microsoft does, however, invest heavily in trying to prevent such breaches from occurring.
Federal law enforcement agencies regularly work with the company and have a presence at the company's cyber crime centre in Redmond.
That said, Mr Pontiroli pointed out that cyber security is a continuing game of whack-a-mole, and that companies and entities using Sharepoint should take it seriously.
'Organisations still running on-premises SharePoint need to act now,' he said. 'Apply the latest updates, monitor for signs of compromise, and assume exposure if systems were only partially patched.'
